How Private Is Your Public Cloud? Stacking Up Google, Microsoft And AWS Data Privacy

Printer-friendly version Email this CRN article

The battle over data privacy isn't being fought on the mobile phone or in the data center, it's being fought in the cloud.

2016 has brought concerns over data privacy to an all-time high, driven in large part by a drawn-out debate early in the year between Apple and the FBI over an encrypted iPhone, new regulations brought forth in Europe, and lingering concerns about the National Security Agency and government access to personal information exposed by Edward Snowden.

"Without question, it's the No. 1 concern with moving to the cloud," said JD Sherry, vice president of cloud security at Denver-based solution provider Optiv Security.

That barrier is a key concern for companies' bottom line, as the shift to the cloud is expected to drive $1 trillion in direct or indirect spending over the next five years, according to research firm Gartner. Similarly, research firm IDC predicts that more than half of IT infrastructure spending will be in the cloud by 2020.

[Q&A: 'Future Crimes' Author On How To Keep Customer Data Private In The Public Cloud]

Allen Falcon, CEO of Westborough, Mass.-based solution provider Cumulus Global, said security or privacy comes up in every discussion he has with customers about migrating to the cloud, sometimes brought up by the customers themselves, sometimes by Cumulus Global.

Customer concerns about privacy and security are getting easier to overcome with education, but "not fast enough," he said.

Those concerns extend all the way up to the largest of enterprise customers, according to Charles Radi, vice president and principal cloud architect at Cloud Technology Partners, a Boston-based cloud solution provider serving the enterprise market.

"We're dealing with [privacy] issues for pretty much every single customer," Radi said. "It's a topic that always comes up." Radi said Cloud Technology Partners' enterprise customers have particular concerns around government access, privacy regulations, and transitioning security tools from on-premise to the cloud.

Driving a lot of that concern is confusion, said Vic Winkler, independent security consultant and author of "Securing The Cloud."

"It's very difficult to have a well-thought-out perspective on these topics in cybersecurity today because it's a confusing soup of disinformation and different points of view," Winkler said in an interview with CRN. "Cloud service providers are really being challenged in terms of how they ameliorate these concerns in customers in order to grow their businesses. And, they have to if they want to grow their business."

But how well-founded are those concerns when it comes to data privacy in the public cloud? If you ask the major cloud providers themselves, they say: not very.

"This is your data. This is not our data. As a general matter of principle, we design our systems and our processes to make sure that data is treated as yours and not as ours," said Neal Suggs, vice president and deputy general counsel at Microsoft, Redmond, Wash. "Microsoft runs on trust."

Suggs said data usage, control and privacy together make up one of the four pillars on which Microsoft has built its cloud strategy, along with data security, compliance and transparency. Those pillars extend from the design of the company's systems, the processes in place, encryption technologies, an audit process and a culture that "respects that customer-generated content is the customers' content and not our right to use without our customers' consent."

Jennifer Lin, director of product management for cloud security and networking for Google Cloud Platform, echoed that sentiment, saying security and data privacy is one of the top three priorities that comes up when customers consider moving to the cloud. As a result, she said it is "increasingly becoming a major differentiator for how [Google is] thinking about things."

"User data is user data, and we want to make sure we protect users' data. … We have to earn their trust. We have to show them that we do not access customer data. I think we've been very clear on that not only with our public-facing website, but also in how we define migration to the cloud," Lin said.

Amazon Web Services did not make an executive available to be interviewed for this story.

Printer-friendly version Email this CRN article